部分讲解： We’re also seeing this as an issue at DigitalOcean. It’s a concern not just for load…

部分讲解： We’re also seeing this as an issue at DigitalOcean. It’s a concern not just for load-balancer TLS termination, but also for supporting proxy protocol as encouraged in ( https://kubernetes.io/docs/tutorials/services/source-ip/ ). Traffic addressed to the LB ip from within the cluster never reaches the load-balancer, and the required proxy header isn’t applied, causing a protocol violation. The in-tree AWS service type loadbalancer supports proxy protocol and TLS termination, but because they populate status.loadbalancer.ingress.hostname rather than .ip they avoid this bug/optimization. We’re willing to put together a PR to address this there’s interest from sig-network to accept it. We’ve considered a kube-proxy flag to disable the optimization, or the more complex option of extending v1.LoadBalancerIngress to include feedback from the cloud provider. # 参考链接 https://github.com/kubernetes/kubernetes/issues/66607?spm=a2c4g.11186623.2.8.765e7a47mxR9Qr https://help.aliyun.com/document_detail/171437.html